If your local client has already been configured, you can create a test certificate by running the
step ca certificate command. Here is an example:
step ca certificate myservice myservice.crt myservice.key \\ --san myservice.internal.mycompany.net \\ --not-after 8h
In this command, we are asking the CA to create a certificate with the following properties
myservice - The certificate's subject
myservice.crt - Save the certificate in a file with this name
myservice.key - Save the key in a file with this name
--san myservice.internal.mycompany.net- Add an additional SAN to the certificate, with the specified value
--not-after 8h- Set the certificate to expire after 8 hours
When you run this command, smallstep will need to authenticate you, so it will make a call to the
authority-admin provisioner and start a single sign-on flow via the Smallstep dashboard. After a successful sign-in, the authority will issue the certificate at the command line.
NOTE: If you have created additional provisioners you may see them appear during the “authentication” step. authority-admin is the only provisioner used to validate a user to smallstep. If instead, you want to create a certificate using a different provisioner, use the —provisioner parameter when making the certificate request.